Featured Video: SDN-Based Security, With Jim Metzler #11

Editor’s Note: The SDN Journey is a series of video tutorials and blog posts by networking industry luminary Jim Metzler, designed to help end users with SDN adoption. We will be posting new content every couple of weeks, both as blog posts and video tutorials; check the SDN Journey Channel page regularly to see the latest updates.

In this blog I am going to discuss some of the existing best practices for software-defined networking (SDN)-based security, the factors that are driving IT organizations to question those best practices, and then point out how the implementation of an SDN can help improve the overall security of the IT infrastructure.

One of the existing best practices for security is for IT organizations to manage network and security policies separately. It has also been very common for IT organizations to implement a large and growing number of security appliances that for the most part were configured at deployment and then re-configured only when absolutely necessary.

One of the factors that is driving IT organizations to question their security practices is the growth in the size of networks combined with the increase in the speed of their networks. This factor has caused centralized security appliances to become chokepoints. In addition, the growth in the number of security appliances is causing the management of those security devices to be increasingly burdensome and error-prone. Another factor driving IT organizations to question their existing security practices is that the time it takes to modify security policies is increasingly out of line with the time it takes to fire up or move a virtual machine.

One of the key tenets of SDN is that state information that used to be distributed in each network element is now centralized in an SDN controller. Having access to that centralized state information enables the deployment of value-added security functionality, in large part because security policy no longer has to be set on a device-by-device basis.

HP is an example of a company that has developed an SDN-based security application that takes advantage of centralized state information. That application, referred to as the Sentinel SDN Security Application, is designed to enable IT organizations to combat the security challenges that are associated with implementing BYOD. Sentinel leverages the HP TippingPoint Reputation Digital Vaccine database to determine if the site that a user is trying to access is legitimate. If it is, Sentinel allows access to the site. If not, it blocks access and logs the attempt.


Jim Metzler is widely recognized as an authority on both network technology and its business applications. In over 30 years of professional experience, Jim has worked in virtually every aspect of the networking industry. This includes creating software tools to design customer networks for a major IXC; being an Engineering Manager for high speed data services for a major Telco; being a Product Manager for network hardware; managing networks at two Fortune 500 companies; directing and performing market research at a major industry analyst firm; and running a consulting organization. Jim’s current interests include application delivery, cloud networking and software defined networks.
